Privacy Policy

1. Data Controller

Responsible for data processing on this website according to Art. 4 (7) GDPR:

Tobias Buse
Handpan Place
Am Röttchen 1a
40468 Düsseldorf
Germany

Email: shop@handpanplace.com
Phone: +49 152 3173 0193

2. General Information on Data Processing

2.1 Scope of Personal Data Processing

We process personal data of our users only to the extent necessary to provide a functional website and our services. The processing of personal data occurs regularly only with your consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing is permitted by law.

2.2 Legal Basis for Processing Personal Data

Art. 6 (1) lit. a GDPR: When we obtain consent for processing personal data, this serves as the legal basis.

Art. 6 (1) lit. b GDPR: For processing necessary to fulfill a contract or pre-contractual measures (e.g., processing orders, payment processing).

Art. 6 (1) lit. c GDPR: When processing is necessary to fulfill a legal obligation (e.g., retention obligations).

Art. 6 (1) lit. f GDPR: When processing is necessary to protect legitimate interests of our company or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail.

3. Data Collection When Visiting Our Website

3.1 Server Log Files

When you visit our website, our web server automatically collects information in so-called server log files that your browser automatically transmits. This includes:

  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)
  • Host name of the accessing computer (IP address)
  • Time of the server request
  • Access status/HTTP status code

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in ensuring the technical operation and security of the website).

Storage period: This data is automatically deleted after 7 days.

This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.

3.2 Cookies

Our website uses cookies. Cookies are small text files that are stored on your device and saved by your browser. They do not cause any damage to your device. Some cookies remain on your device until you delete them (persistent cookies). Other cookies are automatically deleted when you close your browser (session cookies).

We use the following types of cookies:

  • Essential cookies: Required for basic website functionality (legal basis: Art. 6 (1) lit. f GDPR)
  • Preference cookies: Store your cookie consent choices (legal basis: Art. 6 (1) lit. a GDPR)

You can configure your browser to inform you about cookie placement and allow cookies only on a case-by-case basis, exclude cookies in certain cases or generally, and enable automatic deletion of cookies when closing the browser.

For more information, please see our Cookie Policy.

4. Contact Form and Email Contact

When you contact us via our contact form or email, the data you provide (name, email address, telephone number, message content) will be stored for processing your inquiry and for possible follow-up questions.

Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures) or Art. 6 (1) lit. f GDPR (legitimate interest in responding to inquiries).

Storage period: Your data will be deleted as soon as it is no longer required for the purpose of collection. For personal data sent via the contact form, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter has been conclusively clarified.

5. Payment Processing with Stripe

We use the payment service provider Stripe to process payments on our website. The provider is Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

When you make a purchase in our shop, your payment data (e.g., name, payment amount, bank account details, credit card number) will be processed by Stripe for payment processing. The transfer is subject to the respective data protection provisions of Stripe.

Legal basis: Art. 6 (1) lit. b GDPR (contract fulfillment) and Art. 6 (1) lit. f GDPR (legitimate interest in efficient and secure payment processing).

Data transfer to third countries: Stripe may transfer data to the USA. The data transfer is based on the EU Standard Contractual Clauses (SCCs) and additional safeguards.

For more information, see Stripe's privacy policy: https://stripe.com/privacy

6. Hosting and Content Delivery

This website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Vercel automatically collects and stores information in server log files that your browser transmits to us. This includes the information listed under "Server Log Files."

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in secure and efficient provision of our website).

For more information, see Vercel's privacy policy: https://vercel.com/legal/privacy-policy

7. Your Rights as Data Subject

You have the following rights regarding your personal data:

  • Right to access (Art. 15 GDPR): You can request confirmation as to whether personal data concerning you is being processed and request information about this data.
  • Right to rectification (Art. 16 GDPR): You can request that inaccurate personal data be corrected or incomplete data be completed.
  • Right to erasure (Art. 17 GDPR): You can request the deletion of your personal data under certain conditions.
  • Right to restriction of processing (Art. 18 GDPR): You can request that the processing of your personal data be restricted.
  • Right to data portability (Art. 20 GDPR): You can receive your data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR): You can object to processing based on Art. 6 (1) lit. f GDPR.
  • Right to withdraw consent (Art. 7 (3) GDPR): If processing is based on your consent, you can withdraw it at any time with effect for the future.

To exercise these rights, please contact us at: shop@handpanplace.com

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates the GDPR.

The responsible supervisory authority for North Rhine-Westphalia is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Germany

Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de

9. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

All data transfers on this website are encrypted using SSL/TLS technology.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available on this page.

Last updated: January 2026